By now, you’ve probably heard about Heartbleed, the security vulnerability that affects more than 66 percent of the sites on the Internet. Heartbleed is a vulnerability in the OpenSSL software that is popular for web site encryption.
While it’s tempting to swear off the Internet forever, that’s probably not a viable option. Instead, it makes more sense to be careful about how you use the Internet, and take steps to protect your information and your identity. Here’s what to do if you are concerned about Heartbleed:
First of all, don’t panic. The Heartbleed vulnerability only allows someone to grab 64k of data at a time. But here’s the thing: It’s only random data. The person exploiting Heartbleed can’t choose which data to grab. Of course, different data can be grabbed from the server over and over again, and the exploiter is bound to come up with something “good” at some point.
From the NSA to hackers, the Heartbleed vulnerability has been available for more than two years. While some of your information might be out there, and your identity might be compromised, you don’t want to over react. Take a step back, avoid panicking and move forward.
Find Out Which Sites are Vulnerable
Next, you need to figure out which sites are vulnerable to Heartbleed. A number of sites have already fixed the problem, so it might not be an issue. Unfortunately, you can’t rely on the old methods of determining web site security to find out if there is a Heartbleed problem.
The good news is that there are lists and web apps that can help you check for Heartbleed vulnerability, letting you know if something needs to change. You can also read this helpful guide from IT World, which takes you beyond the lists and apps, which might not always be completely accurate.
You can also install a plug-in from Chrome or Firefox to help you identify sites vulnerable to Heartbleed as you surf.
Find out which of your heavily used sites are vulnerable, and then go from there.
You will need to change your passwords on sites that are vulnerable to Heartbleed. However, realize that this doesn’t do you much good until after the site has updated its OpenSSL to reflect the fix. Until the site itself has updated, changing the password won’t help much.
Once the site is updated, you need to change your password. One of the best things you can do is to use different passwords for each site. This is because many hackers know that consumers often use the same username/password combo on multiple sites. Cracking one could open up your entire life. Don’t let that happen.
Good password practice is to choose a different password for each site. If you don’t want to try to keep track of them all, identity theft tools like password managers can help you keep different passwords without having to memorize them all, or hunt them up on a piece of paper.
In any case, you should rotate your passwords regularly, at least every six months, for maximum security and identity protection. Even without Heartbleed threatening your identity, you should pay attention to your passwords and change them regularly.
Keep Tabs on Your Credit Report
Finally, make sure that you keep tabs on your credit report in order to catch potential identity theft. This is a good idea anyway. Watching your credit report can send up red flags if your identity has been stolen and someone is opening fraudulent accounts.
You can keep watch on your credit situation with the help of free resources, as well as paid resources that can monitor your credit for you, and send regular reports.
You should be concerned about Heartbleed, and you should pay attention. However, you shouldn’t panic. Take appropriate steps to safeguard your information, and focus on good password practices, and you should be able to weather the storm.